CN109040064A - A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing - Google Patents

A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing Download PDF

Info

Publication number
CN109040064A
CN109040064A CN201810865251.4A CN201810865251A CN109040064A CN 109040064 A CN109040064 A CN 109040064A CN 201810865251 A CN201810865251 A CN 201810865251A CN 109040064 A CN109040064 A CN 109040064A
Authority
CN
China
Prior art keywords
server
occupied bandwidth
threshold value
seals
set bandwidths
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810865251.4A
Other languages
Chinese (zh)
Inventor
杨小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Jing An Network Polytron Technologies Inc
Original Assignee
Zhengzhou Jing An Network Polytron Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Jing An Network Polytron Technologies Inc filed Critical Zhengzhou Jing An Network Polytron Technologies Inc
Priority to CN201810865251.4A priority Critical patent/CN109040064A/en
Publication of CN109040064A publication Critical patent/CN109040064A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of servers to seal and stop method, method includes the following steps: obtaining the occupied bandwidth of each server by NDS detection system;Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of occupied bandwidth;If so, it is destination server that occupied bandwidth, which is higher than the server-tag of the first pre-set bandwidths threshold value, and destination server is sealed and stopped using Python technology.Using technical solution provided by the embodiment of the present invention, sealed and stopped using Python technology by destination server is timely automated, avoid manually seal and stop the reaction time it is longer caused by server the case where directly crashing, significantly the user experience is improved.The invention also discloses a kind of servers to seal and stop device, equipment and storage medium, has relevant art effect.

Description

A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing
Technical field
The present invention relates to server defence policies technical fields, seal and stop method, apparatus more particularly to a kind of server, set Standby and computer readable storage medium.
Background technique
The multiple servers of deployment in computer room, it is unavoidable by hacker's malicious attack in use, so as to cause Server delay machine even influences the bandwidth of entire host or computer room.It is currently that journey is monitored by server resource by manually Sequence to monitor for 24 hours, and discovery has bandwidth using abnormal server, i.e., server under fire directly seals and stops clothes under fire Business device, waits and unseals again after restoring normal after a period of time.It needs stare at monitoring resource platform within computer room administrator 24 hours, finds There is the situation of bandwidth exception, just take the measure of sealing and stopping, the means of sealing and stopping are manually on switches server under fire to envelope Stop, seals and stops the means waste of manpower of server manually, and seal and stop need certain reaction time manually, be likely in this period The case where causing server directly to crash, poor user experience.
In conclusion how to efficiently solve the means waste of manpower for sealing and stopping server manually, and needs one are sealed and stopped manually The fixed reaction time is mesh the problems such as being likely to the case where causing server directly to crash and poor user experience this period Preceding those skilled in the art's urgent problem.
Summary of the invention
In order to solve the above technical problems, the invention provides the following technical scheme:
A kind of server seals and stops method, which comprises
The occupied bandwidth of each server is obtained by NDS detection system;
Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of the occupied bandwidth;
If so, being destination service by the server-tag that the occupied bandwidth is higher than the first pre-set bandwidths threshold value Device, and sealed and stopped the destination server using Python technology.
In a kind of specific embodiment of the invention, when a server disposition there are multiple child servers, pass through NDS Detection system obtains the occupied bandwidth of each server, comprising:
The occupied bandwidth of each child servers in each server is obtained by NDS detection system;
Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of the occupied bandwidth, specifically Are as follows:
Judge whether there is the child servers that the occupied bandwidth is higher than the second pre-set bandwidths threshold value;
It is destination server by the server-tag that the occupied bandwidth is higher than the first pre-set bandwidths threshold value, and sharp The destination server is sealed and stopped with Python technology, specifically:
The child servers that the occupied bandwidth is higher than the second pre-set bandwidths threshold value are labeled as target child servers, And the target child servers are sealed and stopped using Python technology.
In a kind of specific embodiment of the invention, the occupancy band of each server is obtained by NDS detection system It is wide, comprising:
The flow use value of each server is detected by the NDS detection system;
Judge whether there is the Traffic Anomaly server of the flow use value exception;
If so, carrying out flow cleaning to the Traffic Anomaly server;
Obtain the occupied bandwidth that each server after flow cleaning is carried out to the Traffic Anomaly server.
In a kind of specific embodiment of the invention, the destination server is being sealed and stopped it using Python technology Afterwards, further includes:
When detecting that the normal duration of destination server flow reaches preset duration, to the destination service Device carries out unsealing operation.
A kind of server seals and stops device, and described device includes:
Occupied bandwidth obtains module, for obtaining the occupied bandwidth of each server by NDS detection system;
Module is sealed and stopped, judges to exist in each server the occupied bandwidth higher than the first pre-set bandwidths threshold value for working as It is destination server by the server-tag that the occupied bandwidth is higher than the first pre-set bandwidths threshold value when server, and The destination server is sealed and stopped using Python technology.
In a kind of specific embodiment of the invention, when a server disposition has multiple child servers, it is described Occupied bandwidth obtains module and obtains the occupied bandwidth of each child servers in each server specifically by NDS detection system Module;
The module that seals and stops is specially when judgement has the target that the occupied bandwidth is higher than the second pre-set bandwidths threshold value When child servers, the child servers that the occupied bandwidth is higher than the second pre-set bandwidths threshold value are labeled as target sub-services Device, and sealed and stopped the target child servers using Python technology.
In a kind of specific embodiment of the invention, the occupied bandwidth obtains module, comprising:
Flow detection submodule, for detecting the flow use value of each server by the NDS detection system;
Flow cleaning submodule, for when judgement is there are when the Traffic Anomaly server of flow use value exception, to described Traffic Anomaly server carries out flow cleaning;
Occupied bandwidth acquisition submodule, for obtaining to each clothes after Traffic Anomaly server progress flow cleaning The occupied bandwidth of business device.
In a kind of specific embodiment of the invention, further includes:
Module is unsealed, for after sealing and stopping the destination server using Python technology, when detecting the mesh When the mark normal duration of server traffic reaches preset duration, unsealing operation is carried out to the destination server.
A kind of server seals and stops equipment, comprising:
Memory, for storing computer program;
Processor realizes the step of server as previously described seals and stops method when for executing the computer program.
A kind of computer readable storage medium is stored with computer program on the computer readable storage medium, described The step of server as previously described seals and stops method is realized when computer program is executed by processor.
Using method provided by the embodiment of the present invention, the occupancy band of each server is obtained by NDS detection system It is wide;Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of occupied bandwidth;If so, by having accounted for The server-tag for being higher than the first pre-set bandwidths threshold value with bandwidth is destination server, and utilizes Python technology by destination service Device seals and stops.By the bandwidth usage of each server in NDS detection system automatic detecting machine room, accounted for when detecting the presence of When being higher than the destination server of the first pre-set bandwidths threshold value with bandwidth, the destination server is sealed using Python technology immediately Stop, whole bandwidth monitors and seals and stops the manual participation that process does not need computer lab management personnel, is taken target using Python technology Device is timely automated seals and stops for business, avoid manually seal and stop the reaction time it is longer caused by server the case where directly crashing, compared with The user experience is improved for the earth.
Correspondingly, the embodiment of the invention also provides seal and stop the corresponding server of method with above-mentioned server to seal and stop dress It sets, equipment and computer readable storage medium, has above-mentioned technique effect, details are not described herein.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of implementation flow chart that server seals and stops method in the embodiment of the present invention;
Fig. 2 is another implementation flow chart that server seals and stops method in the embodiment of the present invention;
Fig. 3 is another implementation flow chart that server seals and stops method in the embodiment of the present invention;
Fig. 4 seals and stops the structural block diagram of device for server a kind of in the embodiment of the present invention;
Fig. 5 seals and stops the structural block diagram of equipment for server a kind of in the embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawings and detailed description The present invention is described in further detail.Obviously, described embodiments are only a part of the embodiments of the present invention, rather than Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise Under every other embodiment obtained, shall fall within the protection scope of the present invention.
Embodiment one:
Referring to Fig. 1, Fig. 1 is that server seals and stops a kind of implementation flow chart of method in the embodiment of the present invention, and this method can be with The following steps are included:
S101: the occupied bandwidth of each server is obtained by NDS detection system.
General export bandwidth in one computer room is limited, and each server in corresponding computer room has it that can pass through band One of an important factor for wide maximum limitation, bandwidth is decision server access speed, when server is attacked by hackers When, can generate large effect to the bandwidth of server, it is serious may there is a phenomenon where server delay machines.It therefore can be pre- NDS detection system is first set, is measured in real time by occupied bandwidth of the NDS detection system to server each in computer room, To obtain the bandwidth resource consumption situation of each server.
S102: judging the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of occupied bandwidth, if It is to then follow the steps S103, if it is not, being then not processed.
The first pre-set bandwidths threshold value can be preset, is obtained when by NDS detection system according to the actual bandwidth of server After getting the occupied bandwidth of each server, it can be determined that it is pre- with the presence or absence of occupied bandwidth to be higher than first in each server If the server of bandwidth threshold, if so, the server that the current occupied bandwidth of explanation is higher than the first pre-set bandwidths threshold value very may be used Malicious attack can be received, in such a case, it is possible to step S103 be continued to execute, if it is not, then illustrating each clothes of current computer room The bandwidth of business device uses normally, not under attack.
It should be noted that the embodiment of the present invention is only the situation identical with the practical maximum limitation bandwidth of each server Under, it is illustrated for the identical first pre-set bandwidths threshold value of setting, certainly, the reality of each server present in computer room It can according to the actual situation be the different pre-set bandwidths threshold value of each server settings when maximum limitation bandwidth difference.
S103: it is destination server by the server-tag that occupied bandwidth is higher than the first pre-set bandwidths threshold value, and utilizes Python technology seals and stops destination server.
When being higher than the server of the first pre-set bandwidths threshold value in the presence of occupied bandwidth in each server for determining computer room, say The bright server has been most likely subject to malicious attack, in such a case, it is possible to which occupied bandwidth is higher than the first pre-set bandwidths The server-tag of threshold value is the destination server for needing seal and stop to it operation, and utilizes the Python in switch technology Technology seals and stops destination server, so that access speed caused by effectively avoiding generation server bandwidth occupancy excessive is excessively slow, very Phenomena such as to delay machine.And the information that seals and stops of destination server can be recorded, facilitate computer lab management personnel to sealing and stopping letter Breath is checked.
Using method provided by the embodiment of the present invention, the occupancy band of each server is obtained by NDS detection system It is wide;Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of occupied bandwidth;If so, by having accounted for The server-tag for being higher than the first pre-set bandwidths threshold value with bandwidth is destination server, and utilizes Python technology by destination service Device seals and stops.By the bandwidth usage of each server in NDS detection system automatic detecting machine room, accounted for when detecting the presence of When being higher than the destination server of the first pre-set bandwidths threshold value with bandwidth, the destination server is sealed using Python technology immediately Stop, whole bandwidth monitors and seals and stops the manual participation that process does not need computer lab management personnel, is taken target using Python technology Device is timely automated seals and stops for business, avoid manually seal and stop the reaction time it is longer caused by server the case where directly crashing, compared with The user experience is improved for the earth.
It should be noted that based on the above embodiment one, the embodiment of the invention also provides be correspondingly improved scheme.Rear Involved in continuous embodiment with can mutually be referred between same steps or corresponding steps in above-described embodiment one, corresponding beneficial effect Can also be cross-referenced, it is no longer repeated one by one in improvement embodiment below.
Embodiment two:
Referring to fig. 2, Fig. 2 is another implementation flow chart that server seals and stops method in the embodiment of the present invention, and this method can With the following steps are included:
S201: it when a server disposition has multiple child servers, is obtained by NDS detection system every in each server The occupied bandwidth of a child servers.
Each server may fictionalize multiple virtual machines, i.e. child servers, when a server disposition has multiple sub- clothes , can be individually individual using each child servers as one when business device, the corresponding IP of each child servers.In such case Under, when server is by malicious attack, it may be possible to which one or several child servers in server are under attack, can pass through NDS detection system obtains the occupied bandwidth of each child servers in each server.
S202: judging whether there is the child servers that occupied bandwidth is higher than the second pre-set bandwidths threshold value, if so, executing Step S203, if it is not, being then not processed.
Each sub-services can be set according to the quantity of the child servers of the practical maximum limitation bandwidth and deployment of server Second pre-set bandwidths threshold value of device, and the second pre-set bandwidths threshold value is less than or equal to the first pre-set bandwidths threshold value.It is detected when by NDS System is got in each server after the occupied bandwidth of each child servers, it can be determined that high with the presence or absence of occupied bandwidth In the child servers of the second pre-set bandwidths threshold value, if so, the current occupied bandwidth of explanation is higher than the second pre-set bandwidths threshold value Child servers have been most likely subject to malicious attack, in such a case, it is possible to step S203 be continued to execute, if it is not, then explanation is worked as The bandwidth of each child servers in each server of preceding computer room uses normally, not under attack.
S203: being labeled as target child servers for the child servers that occupied bandwidth is higher than the second pre-set bandwidths threshold value, and Target child servers are sealed and stopped using Python technology.
When the son clothes for being higher than the second pre-set bandwidths threshold value in each child servers for determine each server in the presence of occupied bandwidth Be engaged in device when, illustrate that the child servers have been most likely subject to malicious attack, in such a case, it is possible to which occupied bandwidth is higher than the The child servers of two pre-set bandwidths threshold values are labeled as needing seal and stop to it target child servers of operation, and utilize interchanger Python technology in technology seals and stops target child servers, thus caused by effectively avoiding generation server bandwidth occupancy excessive Phenomena such as access speed is excessively slow or even delay machine.
Embodiment three:
Referring to Fig. 3, Fig. 3 is another implementation flow chart that server seals and stops method in the embodiment of the present invention, and this method can With the following steps are included:
S301: the flow use value of each server is detected by NDS detection system.
When server is under attack, most intuitive performance is that its flow use value is very high, in such a case, it is possible to logical Cross the flow use value that NDS detection system detects each server.
S302: judging whether there is the Traffic Anomaly server of flow use value exception, if so, S303 is thened follow the steps, If it is not, then directly acquiring the occupied bandwidth of each server.
The high quick data packet scale model algorithm of intelligence is can integrate in NDS detection system, by being integrated with intelligent height The NDS detection system of quick data packet scale model algorithm can quickly judge that there are the Traffic Anomaly services of flow use value exception The time of attack discovery can be promoted to Millisecond using the algorithm, be promoted than traditional netflow data exchange ways by device Tens times.Therefore, after the flow use value for detecting each server by NDS detection system, it can be determined that whether deposit In the Traffic Anomaly server of flow use value exception, if so, illustrating that the server is most likely subject to more serious malice Attack, can continue to execute step S303, if it is not, can then directly acquire the occupied bandwidth of each server.
S303: flow cleaning is carried out to flow abnormal server.
When judgement there are after the Traffic Anomaly server of flow use value exception, mds flow cleaning equipment can be used Flow cleaning is carried out to flow abnormal server, so that a part of abnormal flow is washed, it is possible to prevente effectively from abnormal flow mistake The phenomenon that server delay machine caused by big.
S304: the occupied bandwidth that each server after flow cleaning is carried out to flow abnormal server is obtained.
It is available to Traffic Anomaly after the completion of to flow cleaning is carried out there are the Traffic Anomaly server of Traffic Anomaly Server carries out the occupied bandwidth of each server after flow cleaning, and bandwidth and flow including Traffic Anomaly server are normal The bandwidth of server.
S305: judging the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of occupied bandwidth, if It is to then follow the steps S306, if it is not, being then not processed.
S306: it is destination server by the server-tag that occupied bandwidth is higher than the first pre-set bandwidths threshold value, and utilizes Python technology seals and stops destination server.
S307: when detecting that the normal duration of destination server flow reaches preset duration, to destination server Carry out unsealing operation.
After the destination server to bandwidth exception seals and stops, the flow of destination server can be measured in real time, A duration can be preset, after the destination server to Traffic Anomaly seals and stops, when detecting destination server flow When normal duration reaches preset duration, illustrate that attack has been not present in destination server, can to destination server into Row unsealing operation.
Corresponding to above method embodiment, the embodiment of the invention also provides a kind of servers to seal and stop method, hereafter retouches A kind of server stated, which seals and stops device and seals and stops method with a kind of above-described server, can correspond to each other reference.
Referring to fig. 4, Fig. 4 seals and stops the structural block diagram of device for server a kind of in the embodiment of the present invention, which can wrap It includes:
Occupied bandwidth obtains module 41, for obtaining the occupied bandwidth of each server by NDS detection system;
Module 42 is sealed and stopped, for when the clothes for judging to be higher than the first pre-set bandwidths threshold value in each server in the presence of occupied bandwidth It is destination server by the server-tag that occupied bandwidth is higher than the first pre-set bandwidths threshold value, and utilize Python when business device Technology seals and stops destination server.
Using device provided by the embodiment of the present invention, the occupancy band of each server is obtained by NDS detection system It is wide;Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of occupied bandwidth;If so, by having accounted for The server-tag for being higher than the first pre-set bandwidths threshold value with bandwidth is destination server, and utilizes Python technology by destination service Device seals and stops.By the bandwidth usage of each server in NDS detection system automatic detecting machine room, accounted for when detecting the presence of When being higher than the destination server of the first pre-set bandwidths threshold value with bandwidth, destination server is sealed and stopped using Python technology immediately, Whole bandwidth monitors and seals and stops the manual participation that process does not need computer lab management personnel, using Python technology by destination server It is timely automated to seal and stop, avoid manually seal and stop the reaction time it is longer caused by server the case where directly crashing, significantly The user experience is improved.
In a kind of specific embodiment of the invention, when a server disposition there are multiple child servers, occupy Bandwidth obtains the mould that module 41 obtains the occupied bandwidth of each child servers in each server specifically by NDS detection system Block;
Sealing and stopping module 42 is specially when judgement has the target sub-services that occupied bandwidth is higher than the second pre-set bandwidths threshold value When device, the child servers that occupied bandwidth is higher than the second pre-set bandwidths threshold value are labeled as target child servers, and utilize Python technology seals and stops target child servers.
In a kind of specific embodiment of the invention, occupied bandwidth obtains module 41, comprising:
Flow detection submodule, for detecting the flow use value of each server by NDS detection system;
Flow cleaning submodule, for when judgement is there are when the Traffic Anomaly server of flow use value exception, to flow Abnormal server carries out flow cleaning;
Occupied bandwidth acquisition submodule, for obtaining to each server after flow abnormal server progress flow cleaning Occupied bandwidth.
In a kind of specific embodiment of the invention, further includes:
Module is unsealed, for after sealing and stopping destination server using Python technology, when detecting destination server When the normal duration of flow reaches preset duration, unsealing operation is carried out to destination server.
Corresponding to above method embodiment, referring to Fig. 5, Fig. 5 is the schematic diagram of equipment provided by the present invention, the equipment May include:
Memory 51, for storing computer program;
Processor 52 can realize following steps when for executing the computer program of the above-mentioned storage of memory 51:
The occupied bandwidth of each server is obtained by NDS detection system;Judging, which whether there is in each server, has accounted for It is higher than the server of the first pre-set bandwidths threshold value with bandwidth;If so, occupied bandwidth is higher than the first pre-set bandwidths threshold value Server-tag is destination server, and is sealed and stopped destination server using Python technology.
Above method embodiment is please referred to for the introduction of equipment provided by the invention, this will not be repeated here by the present invention.
It is computer-readable the present invention also provides a kind of computer readable storage medium corresponding to above method embodiment It is stored with computer program on storage medium, can realize following steps when computer program is executed by processor:
The occupied bandwidth of each server is obtained by NDS detection system;Judging, which whether there is in each server, has accounted for It is higher than the server of the first pre-set bandwidths threshold value with bandwidth;If so, occupied bandwidth is higher than the first pre-set bandwidths threshold value Server-tag is destination server, and is sealed and stopped destination server using Python technology.
The computer readable storage medium may include: USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. is various to deposit Store up the medium of program code.
Above method embodiment is please referred to for the introduction of computer readable storage medium provided by the invention, the present invention exists This is not repeated them here.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with it is other The difference of embodiment, same or similar part may refer to each other between each embodiment.For being filled disclosed in embodiment It sets, for equipment and computer readable storage medium, since it is corresponded to the methods disclosed in the examples, so the comparison of description Simply, reference may be made to the description of the method.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think beyond the scope of this invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology In any other form of storage medium well known in field.
Used herein a specific example illustrates the principle and implementation of the invention, and above embodiments are said It is bright to be merely used to help understand technical solution of the present invention and its core concept.It should be pointed out that for the common of the art , without departing from the principle of the present invention, can be with several improvements and modifications are made to the present invention for technical staff, these Improvement and modification are also fallen within the protection scope of the claims of the present invention.

Claims (10)

1. a kind of server seals and stops method, which is characterized in that the described method includes:
The occupied bandwidth of each server is obtained by NDS detection system;
Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of the occupied bandwidth;
If so, be destination server by the server-tag that the occupied bandwidth is higher than the first pre-set bandwidths threshold value, And the destination server is sealed and stopped using Python technology.
2. the method according to claim 1, wherein leading to when a server disposition has multiple child servers Cross the occupied bandwidth that NDS detection system obtains each server, comprising:
The occupied bandwidth of each child servers in each server is obtained by NDS detection system;
Judge the server for being higher than the first pre-set bandwidths threshold value in each server with the presence or absence of the occupied bandwidth, specifically:
Judge whether there is the child servers that the occupied bandwidth is higher than the second pre-set bandwidths threshold value;
It is destination server by the server-tag that the occupied bandwidth is higher than the first pre-set bandwidths threshold value, and utilizes Python technology seals and stops the destination server, specifically:
The child servers that the occupied bandwidth is higher than the second pre-set bandwidths threshold value are labeled as target child servers, and benefit The target child servers are sealed and stopped with Python technology.
3. the method according to claim 1, wherein obtaining having accounted for for each server by NDS detection system With bandwidth, comprising:
The flow use value of each server is detected by the NDS detection system;
Judge whether there is the Traffic Anomaly server of the flow use value exception;
If so, carrying out flow cleaning to the Traffic Anomaly server;
Obtain the occupied bandwidth that each server after flow cleaning is carried out to the Traffic Anomaly server.
4. according to the method described in claim 3, it is characterized in that, the destination server is sealed and stopped using Python technology Later, further includes:
When detecting that the normal duration of destination server flow reaches preset duration, to the destination server into Row unsealing operation.
5. a kind of server seals and stops device, which is characterized in that described device includes:
Occupied bandwidth obtains module, for obtaining the occupied bandwidth of each server by NDS detection system;
Module is sealed and stopped, for when the service for judging to be higher than the first pre-set bandwidths threshold value in each server in the presence of the occupied bandwidth It is destination server by the server-tag that the occupied bandwidth is higher than the first pre-set bandwidths threshold value, and utilize when device Python technology seals and stops the destination server.
6. device according to claim 5, which is characterized in that when a server disposition has multiple child servers, institute It states occupied bandwidth and obtains the occupancy band that module obtains each child servers in each server specifically by NDS detection system Wide module;
The module that seals and stops is specially when target that judgement is higher than the second pre-set bandwidths threshold value in the presence of the occupied bandwidth takes When business device, the child servers that the occupied bandwidth is higher than the second pre-set bandwidths threshold value are labeled as target child servers, And the target child servers are sealed and stopped using Python technology.
7. device according to claim 5, which is characterized in that the occupied bandwidth obtains module, comprising:
Flow detection submodule, for detecting the flow use value of each server by the NDS detection system;
Flow cleaning submodule, for when judgement is there are when the Traffic Anomaly server of flow use value exception, to the flow Abnormal server carries out flow cleaning;
Occupied bandwidth acquisition submodule, for obtaining to each server after Traffic Anomaly server progress flow cleaning Occupied bandwidth.
8. device according to claim 7, which is characterized in that further include:
Module is unsealed, for after sealing and stopping the destination server using Python technology, when detecting the target clothes When the business normal duration of device flow reaches preset duration, unsealing operation is carried out to the destination server.
9. a kind of server seals and stops equipment characterized by comprising
Memory, for storing computer program;
Processor realizes that the server as described in any one of Claims 1-4 seals and stops method when for executing the computer program The step of.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium Program, realizing that the server as described in any one of Claims 1-4 seals and stops method when the computer program is executed by processor Step.
CN201810865251.4A 2018-08-01 2018-08-01 A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing Pending CN109040064A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810865251.4A CN109040064A (en) 2018-08-01 2018-08-01 A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810865251.4A CN109040064A (en) 2018-08-01 2018-08-01 A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN109040064A true CN109040064A (en) 2018-12-18

Family

ID=64648520

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810865251.4A Pending CN109040064A (en) 2018-08-01 2018-08-01 A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing

Country Status (1)

Country Link
CN (1) CN109040064A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109738659A (en) * 2018-12-25 2019-05-10 深圳市理邦精密仪器股份有限公司 A kind of reaction cup processing method, device and terminal device based on the detection of dirty cup

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102043917A (en) * 2010-12-07 2011-05-04 成都市华为赛门铁克科技有限公司 Distributed denial of service (DDOS) attack protection method, device and system for cloud computing system
CN103001942A (en) * 2012-09-14 2013-03-27 北京奇虎科技有限公司 Virtual server and method for defending network attack
KR101498495B1 (en) * 2013-08-26 2015-03-05 홍익대학교 산학협력단 SYSTEM FOR BLOCKING DDoS FALSE TRAFFIC AND METHOD THEREOF
CN105337787A (en) * 2014-07-29 2016-02-17 北京奇虎科技有限公司 Multi-server monitoring method, device and system
CN107018116A (en) * 2016-01-27 2017-08-04 阿里巴巴集团控股有限公司 Method, device and the server of monitoring traffic in network
CN107241304A (en) * 2016-03-29 2017-10-10 阿里巴巴集团控股有限公司 A kind of detection method and device of DDos attacks
CN107426230A (en) * 2017-08-03 2017-12-01 上海优刻得信息科技有限公司 Server scheduling method, apparatus, system, storage medium and equipment
CN107819874A (en) * 2017-11-27 2018-03-20 南京城市职业学院 A kind of method of remote control fire wall terminal

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102043917A (en) * 2010-12-07 2011-05-04 成都市华为赛门铁克科技有限公司 Distributed denial of service (DDOS) attack protection method, device and system for cloud computing system
CN103001942A (en) * 2012-09-14 2013-03-27 北京奇虎科技有限公司 Virtual server and method for defending network attack
KR101498495B1 (en) * 2013-08-26 2015-03-05 홍익대학교 산학협력단 SYSTEM FOR BLOCKING DDoS FALSE TRAFFIC AND METHOD THEREOF
CN105337787A (en) * 2014-07-29 2016-02-17 北京奇虎科技有限公司 Multi-server monitoring method, device and system
CN107018116A (en) * 2016-01-27 2017-08-04 阿里巴巴集团控股有限公司 Method, device and the server of monitoring traffic in network
CN107241304A (en) * 2016-03-29 2017-10-10 阿里巴巴集团控股有限公司 A kind of detection method and device of DDos attacks
CN107426230A (en) * 2017-08-03 2017-12-01 上海优刻得信息科技有限公司 Server scheduling method, apparatus, system, storage medium and equipment
CN107819874A (en) * 2017-11-27 2018-03-20 南京城市职业学院 A kind of method of remote control fire wall terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109738659A (en) * 2018-12-25 2019-05-10 深圳市理邦精密仪器股份有限公司 A kind of reaction cup processing method, device and terminal device based on the detection of dirty cup
CN109738659B (en) * 2018-12-25 2023-01-13 深圳市理邦精密仪器股份有限公司 Reaction cup processing method and device based on dirty cup detection and terminal equipment

Similar Documents

Publication Publication Date Title
CN104170323B (en) Fault handling method and device, system based on network function virtualization
CN105187249B (en) A kind of fault recovery method and device
CN103781100B (en) The policy control method and device of terminal peripheral hardware
CN110312279A (en) A kind of monitoring method and device of network data
EP3211827B1 (en) Alarm processing method and apparatus
CN111628941A (en) Network traffic classification processing method, device, equipment and medium
CN109413091A (en) A kind of network security monitoring method and apparatus based on internet-of-things terminal
CN106502814B (en) Method and device for recording error information of PCIE (peripheral component interface express) equipment
EP2713270A1 (en) Resource scheduling method and device
CN107743076A (en) A kind of NCSI shares interface switching method and device
CN110012076B (en) Connection establishing method and device
CN105897933A (en) Service request processing method and device
CN109074280A (en) Network function virtualization
CN109040064A (en) A kind of server seals and stops method, apparatus, equipment and readable storage medium storing program for executing
CN108733454A (en) A kind of virtual-machine fail treating method and apparatus
CN110072251B (en) Method and device for analyzing user communication behavior and managing user
CN107395451A (en) Surfing flow abnormal processing method, device, equipment and storage medium
CN104184603B (en) A kind of User Status statistical method, apparatus and system
CN109308245A (en) A kind of server resource method for early warning, device, equipment and readable storage medium storing program for executing
CN106919489A (en) Monitoring method and device that the application interface of application program is exited extremely
US20160294665A1 (en) Selectively deploying probes at different resource levels
CN109343944A (en) Data processing method, device, terminal and the storage medium of eSIM card
CN108141374B (en) Network sub-health diagnosis method and device
CN107612755A (en) The management method and its device of a kind of cloud resource
CN102546652B (en) System and method for server load balancing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218